Malicious Emailers Find Healthcare Firms Juicy Prey
February 26, 2015
Healthcare providers have garnered growing interest from hackers in recent months. More evidence of that trend appeared last week in a report on email trust. An email that appeared to come from a healthcare company was four times more likely to be fraudulent than an email purportedly from a social media company like Facebook, one of the largest creators of email on the Internet, Agari found.

FTC, Private Sector Lock Horns Over Consumer Data Protection
February 25, 2015
The major headline hacking event of 2014 involved data theft at a highly visible enterprise: Sony Pictures. Perhaps just as significant in e-commerce security was a 2014 federal court ruling which allows the FTC to continue penalizing commercial firms for failure to protect consumer data from hackers. That decision has been challenged, and in early March the FTC and its opponent will square off in court.

Google Rails Against Proposal to Give Feds Remote Hacking Authority
February 20, 2015
Google is fighting a proposed amendment to Rule 41 of the U.S. Criminal Code that might allow authorities to hack into computers abroad. The amendment seeks to empower a magistrate in a district where activities related to a crime may have occurred to issue a warrant for remote search of computers, as well as seizure or copying of their files, under certain circumstances.

Cyberthieves Bag a Billion in Snail-Speed Bank Heists
February 18, 2015
Criminals using Carbanak malware have stolen up to $1 billion from 100 financial institutions in Russia, China, Germany and the United States, Kaspersky Lab has revealed. The gang is expanding operations to other countries. Kaspersky has advised financial institutions to scan their networks for intrusion by Carbanak. "These are advanced threat actors," said Lancope CTO TK Keanini.

It's Time to Investigate Cyber Insurance
February 17, 2015
Almost every day there are reports of cyberintrusions, attacks and related security breaches. If your company does not have the right insurance, it could be even more of a disaster. What company can afford not to have insurance for a potential cyberdisaster? Let's look at some protective measures that can be taken to safeguard your business.

Facebook Launches ThreatExchange to Stymie Cybercrime
February 13, 2015
"Threat researchers do already share this data manually," Jeremy Demar, director of threat research at Damballa, told TechNewsWorld. "The value in systems like this isn't the ability to share raw intelligence [it's the] structured data that allows for the information to be accessed quickly and easily by the users." ThreatExchange is based on Facebook's ThreatData threat analysis framework.

Obama's Cyberthreat Intel Aggregator Plan Divides Security Experts
February 12, 2015
The Obama Administration on Tuesday announced plans to set up a national Cyber Threat Intelligence Integration Center to integrate all data from government agencies and the private sector, and disseminate it appropriately. The intelligence integration center will initially have a staff of 50 and a budget of US$35 million. Reactions from cybersecurity experts were mixed.

Bug Bounties Entice Researchers to Don White Hats
February 10, 2015
Bug bounty programs are used by individual software makers to improve the quality of their products, but they can have incidental benefits for all software makers, too. One of those is to encourage bug hunters to wear a white hat instead of a black one. "When you make it easy for hackers to do the right thing, the majority will," noted Alex Rice, CTO of HackerOne.

Is the FTC Jumping the Gun on IoT Security?
February 03, 2015
For months, the security community has been waving a red flag about how the nascent Internet of Things could become a cyber criminal's paradise. Last week, those admonitions were given some credence when the Federal Trade Commission recommended that the makers of IoT gadgets adopt some "best practices" to protect consumers from potential violations of their privacy and security.

POS Terminals Rich Vein for Gold-Digging Hackers
January 28, 2015
Hackers are like gold miners. Once they find a rich vein for their malware, they mine it until it's dry. Point-of-sale terminals are such a vein, and it doesn't appear that it's one that's about to run dry any time soon. Following the success of the Target breach in 2013, the hacker underground was quick to rush more POS malware to market.

Businesses Seek Liability Protection for Cybersecurity Disclosures
January 28, 2015
"No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families," President Barack Obama told the U.S. Congress during the State of the Union Address last week. However, hunting down the perpetrators of cyberattacks that compromise national security or disrupt commerce is only going to get more difficult in the future.

Coinbase Bitcoin Exchange Off to a Rocky Start
January 26, 2015
Coinbase on Monday launched Coinbase Exchange, the first regulated bitcoin exchange in the U.S. It got the jump on the upcoming Gemini exchange currently being established by Cameron and Tyler Winklevoss. The firm debuted in 24 U.S. states, but the launch was bedeviled with problems. Some pages reportedly failed to load completely, and some users had problems with access.

White House Jump-Starts Cybersecurity Protection Programs
January 23, 2015
As members of the U.S. Congress started to prepare for the upcoming legislative session, President Obama lost little time in putting cybersecurity near the top of a to-do list for lawmakers. During a visit to the federal National Cybersecurity Communications Integration Center, Obama called for additional legislation to improve information technology protection.

Businesses Waste Big Bucks Fighting Phantom Cyberattacks
January 21, 2015
Businesses spend an average of $1.27 million a year chasing cyberthreats that turn out to be dead ends. That is one of the findings in a report released last week on the cost of containing malware. In a typical week, an organization can receive nearly 17,000 malware alerts, although only 19 percent of them are considered reliable, the researchers found.

Warning Sony of Coming Storm Wasn't NSA's Department
January 19, 2015
The United States National Security Agency reportedly knew in advance that North Korea was about to hack into Sony's systems. The NSA apparently penetrated North Korea's network through several vectors, including Chinese networks used to connect with the rest of the world and hacker connections in Malaysia. The NSA was able to burrow in using the networks of South Korea and other allies.

Hacking as a Service Hits the Mainstream
January 19, 2015
A fledgling website created last fall connects hackers with clients willing to pay for their services. Nearly 50 hackers have listed their services on Hacker's List so far, for tasks including data recovery, penetration testing and computer forensics. More than 500 hacking jobs reportedly had been out to bid as of last week, with prices ranging from $100 to $5,000.

Sony Sortie's Smoking Gun Still Missing
January 14, 2015
Recent research from security firm Cloudmark has raised doubt about the purported connection between North Korea and last November's intrusion on Sony Pictures Entertainment's computer networks. The FBI last week continued to press its case that North Korea was behind the cyberattack, pointing to an exposed block of IP addresses allocated to North Korea.

Data Breach Law Tops Obama Privacy Initiatives
January 12, 2015
A proposed national data breach reporting law, aimed primarily at protecting consumer privacy, headlined several initiatives the Obama administration announced Monday. The Personal Data Notification & Protection Act clarifies the obligations of companies when there's been a data breach. It includes a requirement to notify customers within 30 days of the discovery of a breach.

Thieves Take $5M Bite Out of Bitcoin Exchange
January 07, 2015
An estimated $5.2 million was stolen over the weekend from Bitstamp, a digital currency exchange. It has suspended services pending an investigation. The company assured its customers that bitcoins held with Bitstamp prior to suspension of services were completely safe and would be honored in full. Bitstamp on Sunday discovered that some of its operational wallets had been compromised.

Yikes! Ransomware Could Take Over Your Hard Drive
January 05, 2015
Malware is running rampant on the Internet, affecting smartphones, tablets and PCs. Relatively new malware allows bad guys to encrypt devices until a ransom is paid. Usually the ransom is required in bitcoin, rather than U.S. currency, as it cannot be traced. What are the legal and other risks associated with ransomware? Ransomware is largely directed at personal devices and small businesses.

Hackers Give Touch ID the Finger
December 29, 2014
Hacker Jan Krissler, aka "Starbug," this weekend told attendees at the 31st Chaos Computer Club convention that he had replicated the fingerprints of German Defense Minister Ursula von der Leyen using a standard photo camera and commercially available software. Krissler used a close-up of a photo of the minister's thumb and other pictures taken at different angles during a press event in October.

The Big Tech Stories of 2015
December 29, 2014
Last week, we looked back at the largely untold, or undertold, stories of 2014. This week, let's look ahead to some of the stories that are coming in 2015. We'll have robots, self-driving cars, armed autonomous drones, the professional proliferation of head-mounted cameras, some scandals, and some interesting political implications. I'll close with my product of the year, which even surprised me.

The Untold Stories of 2014
December 22, 2014
It is time to look back at 2014, so I'll focus here on a series of stories I thought were interesting but didn't seem to catch much or any real air. Some, like what is really behind Sony's decision to pull The Interview, still might take off. Hadoop analytics is one of the most powerful platforms to come to market, and one vendor stands out above all others: Cloudera.